- FBI warns Hit Man e-mail scammer back
- 20 tech habits to improve your life
- Industry mourns slain Cisco exec
- 10 Firefox add-ons for better browsing
- Wireless LANs face scaling challenges
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Imagine an intruder found his way into your VoIP network undetected and began listening to any conversation he chose, extracting sensitive information, company secrets or even details he could use to blackmail your CEO.
Last month, a company called Internet Security Systems (ISS) issued an alert to warn users that Cisco's VoIP offering had a security flaw that would allow just that. According to the company, this implementation flaw in Cisco's Call Manager, which handles call signaling and routing, could allow a buffer overflow that would grant an intruder access to the system to listen in on all calls routed through it.
This is one scenario described by ISS and other vendors focused on selling technology to plug the security holes in VoIP, a method for sending voice traffic over IP that many say was not designed with security in mind. ISS and its competitors, which come to this new field largely from the VoIP management and IP security markets, forecast big risks for companies that don't take VoIP security seriously, and undoubtedly look forward to formidable revenue streams generated by those that do.
VoIP "is going to have growing pains when it comes to security," says Neel Mehta, team lead with ISS's X-Force research and development group. "It's still an emerging threat, but one we take very seriously."
This group of vendors, which includes BorderWare, Secure Logix and NFR, urges the use of such security appliances as firewalls that are specifically designed to filter VoIP traffic for suspicious patterns and drop those connections.
Yet it's difficult to find a company that has suffered at the hands of VoIP abusers, be they spammers clogging voice mail boxes with unwanted messages, intruders listening to phone conversations or scammers masking their true identity. So far, the threats appear to be largely hypothetical.
"I don't think there's a whole lot of real threats right now," says Irwin Lazar, senior analyst with Burton Group. "VoIP is still pretty much a closed system; almost no company exposes their VoIP system to the Internet." However, once that changes and companies start publicizing their SIP addresses used in VoIP communications on business cards and Web sites, security will become essential, he says.

Discover the capabilities your file integrity monitoring solution should have to effectively secure...
Toward More Flexible, Next-Generation Collaboration SolutionsA recent study by CIO Magazine and IDG Research Services found that while collaboration tools are...
Boost Productivity While Cutting Costs with Next-generation CollaborationIDG says that "providing employees with collaboration tools that enable them to work together...

The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
Stay out of the headlines: Detecting and preventing network intrusionsHow do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...
Partner Content
The Foundry Enterprise Advantage
Foundry Networks, Inc. (NASDAQ: FDRY) is a leading provider of high-performance enterprise and service provider switching, routing, security and Web traffic management solutions. Foundry's customers include the world's premier ISPs, metro service providers, and enterprises.
For further information on Foundry Networks please click here.
Leveraging the Advantages
of a Multi-vendor Network Strategy
Today's enterprise network provides more than simply a technology infrastructure. It's an enabler for the enterprise, supporting mission critical applications, creating operational efficiencies and increasing productivity gains. Foundry Networks provides the ideal foundation for a multi-vendor network.
Click here to view whitepaper!
Comments (1)
VOIP and e-mail are not that different in their evolutionBy Anonymous on June 13, 2008, 4:00 pmBoth should be presumed "unsecured" and to be used for non-essential communications until they bring to bear trunking switching within an ATM Backframe which can...
Reply | Read entire comment
View all comments